Security researchers have revealed that the Google Play Store had played host to malicious apps. The malware were downloaded over 40 million times.

Welcome to the safest mobile app marketplace, people!

A report published by Zscaler ThreatLabz (via Bleeping Computer) reveals how hackers are using malware to target users on mobile devices. It says that based on Telemetry data that it analyzed, Android Malware has jumped by 67% year-over-year.

For those curious, last year Zscaler had discovered over 200 fake apps on the Play Store. During June 2024 and May 2025, this number rose to 239 malicious apps. Many of these malware apps were distributed under the Tools category, masquerading as productivity and workflow tools. This resulted in the apps being downloaded 42 million times. The report points out that threat actors are now targeting mobile payments instead of credit card-focused fraud, with the help of spyware, banking malware, phishing trojans to steal financial information and login credentials which are used for malicious transactions.

According to the report, these Countries were most impacted by malware attacks: India (26%), United States (15%), Canada (14%), Mexico (5%) and South Africa (4%). Zscaler says that threat actors used an Android Void malware, to infect 1.6 million Android-based TV boxes, primarily in India and Brazil. A Remote Access Trojan (RAT), called Xnotice, was targeting jobseekers in the oil and gas industry, in the the Middle East and North African region. Adware is the number one threat with 69% of cases, while the Joker malware family dropped to 23% of cases from 38% last year.

Meanwhile, Google is enforcing a rule that will require Android app developers to verify their identify by submitting their personal information to register with the Android Developer Console, provide a Government issued ID, and pay a fee to Google. App developers who fail to comply will not be able to distribute their apps, even outside the Play Store on third-party websites and app marketplaces. This could effectively kill sideloading, a term that refers to the installation of apps outside the vendor’s control, in this case, the Google Play Store.

Why does it want to kill sideloading? Google believes that verifying the identity of app developers will reduce the amount of malware attacks on Android. The Mountain View company had claimed that “our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.”

But F-Droid says that Google has failed to produce any evidence about this number, and this move is just to give Google full control over the Android ecosystem. And now we have a report that says Google Play was kind enough to give shelter to 239 freaking malware apps. This situation reminds me of the “This is Fine” dog from Gunshow Comic. Fix your own ship, Google. It leaks!

Did you know that a billion new passwords have been added to Have I Been Pwned’s database?

Advertisement